CVE List - 2002 / July
Showing 1 - 79 of 79 CVEs for July 2002 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2002-0652 | 2002-07-01 | xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as... |
| CVE-2002-0637 | 2002-07-04 | InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places... |
| CVE-2002-0624 | 2002-07-12 | Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and... |
| CVE-2002-0641 | 2002-07-12 | Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via... |
| CVE-2002-0643 | 2002-07-12 | The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local... |
| CVE-2002-0677 | 2002-07-12 | CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call,... |
| CVE-2002-0680 | 2002-07-12 | Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE:... |
| CVE-2002-0681 | 2002-07-12 | Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message,... |
| CVE-2002-0683 | 2002-07-12 | Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter. |
| CVE-2002-0667 | 2002-07-15 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. |
| CVE-2002-0670 | 2002-07-15 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily... |
| CVE-2002-0675 | 2002-07-15 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone. |
| CVE-2002-0686 | 2002-07-15 | Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to... |
| CVE-2001-0890 | 2002-07-23 | Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary... |
| CVE-2002-0702 | 2002-07-23 | Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers... |
| CVE-2002-0713 | 2002-07-23 | Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using... |
| CVE-2002-0715 | 2002-07-23 | Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. |
| CVE-2002-0717 | 2002-07-23 | PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form,... |
| CVE-2001-1379 | 2002-07-26 | The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name. |
| CVE-2002-0644 | 2002-07-26 | Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary... |
| CVE-2002-0645 | 2002-07-26 | SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. |
| CVE-2002-0649 | 2002-07-26 | Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary... |
| CVE-2002-0728 | 2002-07-26 | Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that... |
| CVE-2002-0730 | 2002-07-26 | Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage. |
| CVE-2002-0731 | 2002-07-26 | Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl. |
| CVE-2002-0732 | 2002-07-26 | Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments. |
| CVE-2002-0735 | 2002-07-26 | Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary... |
| CVE-2002-0739 | 2002-07-26 | Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. |
| CVE-2002-0740 | 2002-07-26 | Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument. |
| CVE-2002-0742 | 2002-07-26 | Buffer overflow in pioout on AIX 4.3.3. |
| CVE-2002-0743 | 2002-07-26 | mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow. |
| CVE-2002-0744 | 2002-07-26 | namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow. |
| CVE-2002-0745 | 2002-07-26 | Buffer overflow in uucp in AIX 4.3.3. |
| CVE-2002-0746 | 2002-07-26 | Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument. |
| CVE-2002-0747 | 2002-07-26 | Buffer overflow in lsmcode in AIX 4.3.3. |
| CVE-2002-0749 | 2002-07-26 | CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field. |
| CVE-2002-0750 | 2002-07-26 | CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field. |
| CVE-2002-0751 | 2002-07-26 | CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters. |
| CVE-2002-0752 | 2002-07-26 | CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file. |
| CVE-2002-0753 | 2002-07-26 | Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie. |
| CVE-2002-0756 | 2002-07-26 | Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. |
| CVE-2002-0757 | 2002-07-26 | (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication... |
| CVE-2002-0763 | 2002-07-26 | Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server. |
| CVE-2002-0764 | 2002-07-26 | Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a... |
| CVE-2002-0767 | 2002-07-26 | simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with... |
| CVE-2002-0769 | 2002-07-26 | The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the... |
| CVE-2002-0770 | 2002-07-26 | Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does... |
| CVE-2002-0771 | 2002-07-26 | Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters. |
| CVE-2002-0772 | 2002-07-26 | Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter. |
| CVE-2002-0773 | 2002-07-26 | imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath,... |
| CVE-2002-0774 | 2002-07-26 | Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. |
| CVE-2002-0775 | 2002-07-26 | browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter. |
| CVE-2002-0779 | 2002-07-26 | FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large... |
| CVE-2002-0780 | 2002-07-26 | IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data,... |
| CVE-2002-0781 | 2002-07-26 | RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage... |
| CVE-2002-0782 | 2002-07-26 | Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to... |
| CVE-2002-0783 | 2002-07-26 | Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a... |
| CVE-2002-0784 | 2002-07-26 | Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot). |
| CVE-2002-0786 | 2002-07-26 | iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. |
| CVE-2002-0787 | 2002-07-26 | Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1)... |
| CVE-2002-0791 | 2002-07-26 | Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and... |
| CVE-2002-0792 | 2002-07-26 | The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or... |
| CVE-2002-0793 | 2002-07-26 | Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility,... |
| CVE-2002-0796 | 2002-07-26 | Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges. |
| CVE-2002-0797 | 2002-07-26 | Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. |
| CVE-2002-0798 | 2002-07-26 | Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be... |
| CVE-2002-0799 | 2002-07-26 | Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. |
| CVE-2002-0800 | 2002-07-26 | BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. |
| CVE-2000-1207 | 2002-07-31 | userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited... |
| CVE-2001-1384 | 2002-07-31 | ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an... |
| CVE-2002-0655 | 2002-07-31 | OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service... |
| CVE-2002-0656 | 2002-07-31 | Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a... |
| CVE-2002-0657 | 2002-07-31 | Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. |
| CVE-2002-0659 | 2002-07-31 | The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. |
| CVE-2002-0684 | 2002-07-31 | Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS... |
| CVE-2002-0803 | 2002-07-31 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. |
| CVE-2002-0807 | 2002-07-31 | Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field,... |
| CVE-2002-0811 | 2002-07-31 | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort... |
| CVE-2000-1208 | 2002-08-01 | Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from... |
| CVE-2002-0815 | 2002-08-01 | The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted... |
| CVE-2002-0819 | 2002-08-02 | Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is... |
| CVE-2002-0820 | 2002-08-02 | FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could... |
| CVE-2002-0821 | 2002-08-02 | Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. |
| CVE-2002-0822 | 2002-08-02 | Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors,... |
| CVE-2002-0825 | 2002-08-07 | Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2002-0827 | 2002-08-07 | Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824. |
| CVE-2002-0832 | 2002-08-07 | Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. |
| CVE-2002-0833 | 2002-08-07 | Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. |
| CVE-2000-1209 | 2002-08-10 | The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages... |
| CVE-2002-0660 | 2002-08-10 | Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code,... |
| CVE-2002-0661 | 2002-08-10 | Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \... |
| CVE-2002-0812 | 2002-08-10 | Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows... |
| CVE-2002-0849 | 2002-08-10 | Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by... |
| CVE-2002-0632 | 2002-08-14 | Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. |
| CVE-2002-0852 | 2002-08-14 | Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a... |
| CVE-2002-0854 | 2002-08-14 | Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain... |
| CVE-2002-0855 | 2002-08-14 | Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters... |
| CVE-2002-0093 | 2002-08-20 | Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423. |
| CVE-2002-0654 | 2002-08-20 | Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks... |
| CVE-2002-0721 | 2002-08-20 | Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to... |